
The tool, released Thursday, is
designed for at-risk accounts, as well as for those who want the strongest account protections available.
It combines a set of heightened security measures that help safeguard against
account takeover while making those protections easier to activate.
Once users enroll, Advanced Account Security protects them in Codex.
The service introduces several key enhancements,
including hardware security keys used in place of passwords to prevent remote credential theft.
OpenAI has also built in stricter account recovery to protect sensitive data and reduce
the risk of unauthorized takeovers.
It also built in a privacy filter released last week that identifies and masks sensitive information such as addresses and account numbers before data
is stored or processed.
A dedicated application security agent automatically monitors codebases for vulnerabilities and proposes fixes.
This tool is now in research preview
for Enterprise, Business, and Education customers.
The announcement is part of a larger cybersecurity action plan to broaden access to technologies that can
help protect communities, critical systems, and national security, according to the post.
One important caveat is that, once the feature is enabled, users can no longer log in with an email and password, and
recovering an account via email or text message is disabled.
OpenAI's support team will not have access to help users recover their accounts if they are locked out, per the post.
There will be an alternative recovery method, because if a user's email account or phone number is compromised, an attacker may try to use one of them to gain access to the user's ChatGPT account
via email- or SMS-based recovery.
Advanced Account Security disables email and SMS recovery to reduce the risk, and requires stronger recovery methods such as backup passkeys, security keys,
and recovery keys.